<!DOCTYPE html>
<html lang="en">
<head>
	<meta charset="UTF-8">
	<meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
	<title>Create or update application privileges API | ElasticSearch 7.7 权威指南中文版</title>
	<meta name="keywords" content="ElasticSearch 权威指南中文版, elasticsearch 7, es7, 实时数据分析，实时数据检索" />
    <meta name="description" content="ElasticSearch 权威指南中文版, elasticsearch 7, es7, 实时数据分析，实时数据检索" />
    <!-- Give IE8 a fighting chance -->
    <!--[if lt IE 9]>
    <script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
    <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
    <![endif]-->
	<link rel="stylesheet" type="text/css" href="../static/styles.css" />
	<script>
	var _link = 'security-api-put-privileges.html';
    </script>
</head>
<body>
<div class="main-container">
    <section id="content">
        <div class="content-wrapper">
            <section id="guide" lang="zh_cn">
                <div class="container">
                    <div class="row">
                        <div class="col-xs-12 col-sm-8 col-md-8 guide-section">
                            <div style="color:gray; word-break: break-all; font-size:12px;">原英文版地址: <a href="https://www.elastic.co/guide/en/elasticsearch/reference/7.7/security-api-put-privileges.html" rel="nofollow" target="_blank">https://www.elastic.co/guide/en/elasticsearch/reference/7.7/security-api-put-privileges.html</a>, 原文档版权归 www.elastic.co 所有<br/>本地英文版地址: <a href="../en/security-api-put-privileges.html" rel="nofollow" target="_blank">../en/security-api-put-privileges.html</a></div>
                        <!-- start body -->
                  <div class="page_header">
<strong>重要</strong>: 此版本不会发布额外的bug修复或文档更新。最新信息请参考 <a href="https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html" rel="nofollow">当前版本文档</a>。
</div>
<div id="content">
<div class="breadcrumbs">
<span class="breadcrumb-link"><a href="index.html">Elasticsearch Guide [7.7]</a></span>
»
<span class="breadcrumb-link"><a href="rest-apis.html">REST APIs</a></span>
»
<span class="breadcrumb-link"><a href="security-api.html">Security APIs</a></span>
»
<span class="breadcrumb-node">Create or update application privileges API</span>
</div>
<div class="navheader">
<span class="prev">
<a href="security-api-create-api-key.html">« Create API key API</a>
</span>
<span class="next">
<a href="security-api-put-role-mapping.html">Create or update role mappings API »</a>
</span>
</div>
<div class="section xpack">
<div class="titlepage"><div><div>
<h2 class="title">
<a id="security-api-put-privileges"></a>Create or update application privileges API<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/rest-api/security/put-app-privileges.asciidoc">edit</a><a class="xpack_tag" href="https://www.elastic.co/subscriptions"></a>
</h2>
</div></div></div>

<p>Adds or updates <a class="xref" href="security-privileges.html#application-privileges" title="Application privileges">application privileges</a>.</p>
<div class="section">
<div class="titlepage"><div><div>
<h3 class="title">
<a id="security-api-put-privileges-request"></a>Request<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/rest-api/security/put-app-privileges.asciidoc">edit</a>
</h3>
</div></div></div>
<p><code class="literal">POST /_security/privilege</code><br></p>
<p><code class="literal">PUT /_security/privilege</code></p>
</div>

<div class="section">
<div class="titlepage"><div><div>
<h3 class="title">
<a id="security-api-put-privileges-prereqs"></a>Prerequisites<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/rest-api/security/put-app-privileges.asciidoc">edit</a>
</h3>
</div></div></div>
<p>To use this API, you must have either:</p>
<div class="ulist itemizedlist">
<ul class="itemizedlist">
<li class="listitem">
the <code class="literal">manage_security</code> cluster privilege (or a greater privilege such as <code class="literal">all</code>); <em>or</em>
</li>
<li class="listitem">
the <em>"Manage Application Privileges"</em> global privilege for the application
being referenced in the request
</li>
</ul>
</div>
</div>

<div class="section">
<div class="titlepage"><div><div>
<h3 class="title">
<a id="security-api-put-privileges-desc"></a>Description<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/rest-api/security/put-app-privileges.asciidoc">edit</a>
</h3>
</div></div></div>
<p>This API creates or updates privileges. To remove privileges, use the
<a class="xref" href="security-api-delete-privilege.html" title="Delete application privileges API">delete application privilege API</a>.</p>
<p>For more information, see <a class="xref" href="defining-roles.html#roles-application-priv" title="Application Privileges">Application Privileges</a>.</p>
<p>To check a user’s application privileges, use the
<a class="xref" href="security-api-has-privileges.html" title="Has privileges API">has privileges API</a>.</p>
</div>

<div class="section">
<div class="titlepage"><div><div>
<h3 class="title">
<a id="security-api-put-privileges-request-body"></a>Request body<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/rest-api/security/put-app-privileges.asciidoc">edit</a>
</h3>
</div></div></div>
<p>The body is a JSON object where the names of the fields are the application
names and the value of each field is an object. The fields in this inner
object are the names of the privileges and each value is a JSON object that
includes the following fields:</p>
<div class="variablelist">
<dl class="variablelist">
<dt>
<span class="term">
<code class="literal">actions</code>
</span>
</dt>
<dd>
(array-of-string) A list of action names that are granted by this
privilege. This field must exist and cannot be an empty array.
</dd>
<dt>
<span class="term">
<code class="literal">metadata</code>
</span>
</dt>
<dd>
(object) Optional meta-data. Within the <code class="literal">metadata</code> object, keys
that begin with <code class="literal">_</code> are reserved for system usage.
</dd>
</dl>
</div>
</div>

<div class="section">
<div class="titlepage"><div><div>
<h3 class="title">
<a id="security-api-app-privileges-validation"></a>Validation<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/rest-api/security/put-app-privileges.asciidoc">edit</a>
</h3>
</div></div></div>
<div class="variablelist">
<dl class="variablelist">
<dt>
<span class="term">
Application names
</span>
</dt>
<dd>
<p>
Application names are formed from a <em>prefix</em>, with an optional <em>suffix</em> that
conform to the following rules:
</p>
<div class="ulist itemizedlist">
<ul class="itemizedlist">
<li class="listitem">
The prefix must begin with a lowercase ASCII letter
</li>
<li class="listitem">
The prefix must contain only ASCII letters or digits
</li>
<li class="listitem">
The prefix must be at least 3 characters long
</li>
<li class="listitem">
If the suffix exists, it must begin with either <code class="literal">-</code> or <code class="literal">_</code>
</li>
<li class="listitem">
The suffix cannot contain any of the following characters:
<code class="literal">\</code>, <code class="literal">/</code>, <code class="literal">*</code>, <code class="literal">?</code>, <code class="literal">"</code>, <code class="literal">&lt;</code>, <code class="literal">&gt;</code>, <code class="literal">|</code>, <code class="literal">,</code>, <code class="literal">*</code>
</li>
<li class="listitem">
No part of the name can contain whitespace.
</li>
</ul>
</div>
</dd>
<dt>
<span class="term">
Privilege names
</span>
</dt>
<dd>
Privilege names must begin with a lowercase ASCII letter and must contain
only ASCII letters and digits along with the characters <code class="literal">_</code>, <code class="literal">-</code> and <code class="literal">.</code>
</dd>
<dt>
<span class="term">
Action names
</span>
</dt>
<dd>
Action names can contain any number of printable ASCII characters and must
contain at least one of the following characters: <code class="literal">/</code> <code class="literal">*</code>, <code class="literal">:</code>
</dd>
</dl>
</div>
</div>

<div class="section">
<div class="titlepage"><div><div>
<h3 class="title">
<a id="security-api-put-privileges-response-body"></a>Response body<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/rest-api/security/put-app-privileges.asciidoc">edit</a>
</h3>
</div></div></div>
<p>A successful call returns a JSON structure that shows whether the privilege has
been created or updated.</p>
</div>

<div class="section">
<div class="titlepage"><div><div>
<h3 class="title">
<a id="security-api-put-privileges-example"></a>Examples<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/rest-api/security/put-app-privileges.asciidoc">edit</a>
</h3>
</div></div></div>
<p>To add a single privilege, submit a PUT or POST request to the
<code class="literal">/_security/privilege/</code> endpoint. For example:</p>
<div class="pre_wrapper lang-console">
<pre class="programlisting prettyprint lang-console">PUT /_security/privilege
{
  "myapp": {
    "read": {
      "actions": [ <a id="CO650-1"></a><i class="conum" data-value="1"></i>
        "data:read/*" , <a id="CO650-2"></a><i class="conum" data-value="2"></i>
        "action:login" ],
        "metadata": { <a id="CO650-3"></a><i class="conum" data-value="3"></i>
          "description": "Read access to myapp"
        }
      }
    }
}</pre>
</div>
<div class="console_widget" data-snippet="snippets/2066.console"></div>
<div class="calloutlist">
<table border="0" summary="Callout list">
<tr>
<td align="left" valign="top" width="5%">
<p><a href="#CO650-1"><i class="conum" data-value="1"></i></a></p>
</td>
<td align="left" valign="top">
<p>These strings have significance within the "myapp" application. Elasticsearch does not
assign any meaning to them.</p>
</td>
</tr>
<tr>
<td align="left" valign="top" width="5%">
<p><a href="#CO650-2"><i class="conum" data-value="2"></i></a></p>
</td>
<td align="left" valign="top">
<p>The use of a wildcard here (<code class="literal">*</code>) means that this privilege grants access to
all actions that start with <code class="literal">data:read/</code>. Elasticsearch does not assign any meaning
to these actions. However, if the request includes an application privilege
such as <code class="literal">data:read/users</code> or <code class="literal">data:read/settings</code>, the
<a class="xref" href="security-api-has-privileges.html" title="Has privileges API">has privileges API</a> respects the use of a
wildcard and returns <code class="literal">true</code>.</p>
</td>
</tr>
<tr>
<td align="left" valign="top" width="5%">
<p><a href="#CO650-3"><i class="conum" data-value="3"></i></a></p>
</td>
<td align="left" valign="top">
<p>The metadata object is optional.</p>
</td>
</tr>
</table>
</div>
<div class="pre_wrapper lang-console-result">
<pre class="programlisting prettyprint lang-console-result">{
  "myapp": {
    "read": {
      "created": true <a id="CO651-1"></a><i class="conum" data-value="1"></i>
    }
  }
}</pre>
</div>
<div class="calloutlist">
<table border="0" summary="Callout list">
<tr>
<td align="left" valign="top" width="5%">
<p><a href="#CO651-1"><i class="conum" data-value="1"></i></a></p>
</td>
<td align="left" valign="top">
<p>When an existing privilege is updated, <code class="literal">created</code> is set to false.</p>
</td>
</tr>
</table>
</div>
<p>To add multiple privileges, submit a POST request to the
<code class="literal">/_security/privilege/</code> endpoint. For example:</p>
<div class="pre_wrapper lang-console">
<pre class="programlisting prettyprint lang-console">PUT /_security/privilege
{
  "app01": {
    "read": {
      "actions": [ "action:login", "data:read/*" ]
    },
    "write": {
      "actions": [ "action:login", "data:write/*" ]
    }
  },
  "app02": {
    "all": {
      "actions": [ "*" ]
    }
  }
}</pre>
</div>
<div class="console_widget" data-snippet="snippets/2067.console"></div>
<p>A successful call returns a JSON structure that shows whether the privileges
have been created or updated.</p>
<div class="pre_wrapper lang-console-result">
<pre class="programlisting prettyprint lang-console-result">{
  "app02": {
    "all": {
      "created": true
    }
  },
  "app01": {
    "read": {
      "created": true
    },
    "write": {
      "created": true
    }
  }
}</pre>
</div>
</div>

</div>
<div class="navfooter">
<span class="prev">
<a href="security-api-create-api-key.html">« Create API key API</a>
</span>
<span class="next">
<a href="security-api-put-role-mapping.html">Create or update role mappings API »</a>
</span>
</div>
</div>

                  <!-- end body -->
                        </div>
                        <div class="col-xs-12 col-sm-4 col-md-4" id="right_col">
                        
                        </div>
                    </div>
                </div>
            </section>
        </div>
    </section>
</div>
<script src="../static/cn.js"></script>
</body>
</html>